oss-sec mailing list archives

Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file

From: cve-assign () mitre org
Date: Sun, 29 May 2016 13:45:22 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A read out-of-bounds parsing a mp3 file was found in the last revision
of mplayer. Technical details and a reproducer are available here:

https://trac.mplayerhq.hu/ticket/2298

Component:  libavcodec
libavformat version 57.34.103 (internal)

AddressSanitizer: heap-buffer-overflow
READ of size 4

in avcodec_decode_audio4


Use CVE-2016-5115 for this libavcodec issue. We did not check whether
this affects any versions of FFmpeg. libavformat version 57.34.103 is
more recent than in FFmpeg 3.0.2, for example.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXSyoVAAoJEHb/MwWLVhi2sOkP/3FeYYp5pcAVPHm4Lx3qM9Rr
LZYC8ph+Cn8HSTxMhOO+jtTe7DdlXkMvHWMRDGAreaw/RKTT4OjY+iF3u2zdpd6n
Txw31NSKyToof4jVWTojxibkjUa3mAXdNYo9hIW9DL5YBtIz0mYLxoRu5gnNg+V4
pMN/aSKVfiB9W4W36tpo6al8fyEOHakYgqetbkOpV9O40j1nfO9qywGrLA+tWg6Z
b+aLByyLRTYbCoTuuEKYhP/wE78KnVLZRxzoMPSGL0rCFDeQYYBR9ha5bW3n3Dzo
zPag7BqUafbIDOfnhPmbh+FkGqySuHTJxqfZycPH4RymDMzLW0Wb5wtuI+xc13Nx
c7SpdLhX1fQcXBwPUmv0qdhbDMPpGgoovRPvKxCDH2sXR7+ZCtP7QUv2wO7gqe3w
mMqJsORLguf81m4r95QC/Nm0np6GVwDEkNCaQkJft8p3CbACib2NoY3i2OSBEqKB
RO5n4Wq6TIeMpoNTQhTxN2Zhni/ZQ+88Uo2qQP5YPH2griPAUADXopypv7hhCSsx
UZpiLvdRJrMevXMU1D8llqvTfOtYzVoJ7IWlDbg+vtJhQEwyMhT0HYjamkLVusm9
TnfIshGwWKq3jtre3xqDez24S/N9zvTA9FaFQtJb+we95n5cSrZJb17RhOii52M+
tZGsRx2O5Wsp/74wvnli
=nzCw
-----END PGP SIGNATURE-----

Current thread:

CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file Gustavo Grieco (May 29)
- Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file cve-assign (May 29)